Security News > 2023 > August > Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits
Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports.
"This flaw allows an unauthorized user to exploit the unauthenticated Openfire Setup Environment within an established Openfire configuration," cloud security firm Aqua said.
"As a result, a threat actor gains access to the admin setup files that are typically restricted within the Openfire Admin Console. Next, the threat actor can choose between either adding an admin user to the console or uploading a plugin which will eventually allow full control over the server."
Threat actors associated with the Kinsing malware botnet have been observed utilizing the flaw to create a new admin user and upload a JAR file, which contains a file named cmd.
In a sign that threat actors are always on the lookout for new flaws to exploit, an updated version of the DreamBus botnet malware has been observed taking advantage of a critical-severity remote code execution vulnerability in RocketMQ servers to compromise devices.
In the attacks detected by Juniper Threat Labs since June 19, 2023, successful exploitation of the flaw paves the way for the deployment of a bash script called "Reketed," which acts as the downloader for the DreamBus botnet from a TOR hidden service.
News URL
https://thehackernews.com/2023/08/alert-juniper-firewalls-openfire-and.html
Related news
- Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks (source)
- POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw (source)
- New Attack Technique Exploits Microsoft Management Console Files (source)
- New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities (source)
- Hackers use PoC exploits in attacks 22 minutes after release (source)
- Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (source)